Organisations protecting their web applications with this Software-as-a-Service (SaaS) solution can deploy the full WAF solution without the need to deploy and manage infrastructure or possess specific web application security skills, enabling rapid application deployment.

The evolving attack surface in the cloud

To keep up with digital transformation, IT teams are increasingly deploying applications to the cloud and building cloud-native applications.

However, this rapid deployment can introduce vulnerabilities and requires robust security to defend the evolving attack surface and protect applications from threats.

Organisations’ disaggregation of security tools compounds the challenge of protecting the attack surface.

IT teams need security solutions that accurately protect web assets, are intuitive and are simple to deploy and easy to manage in order to take advantage of the benefits of migrating applications to the cloud or building cloud-native applications.

Pairing this with the shortage of general cybersecurity expertise and web application security, in particular, DevOps teams managing web applications are especially in need of security solutions that are easy to use as the resources to monitor threats across hybrid cloud environments are limited.

Reaping the benefits of the cloud with Fortinet’s security-driven approach

Fortinet is addressing the issues that IT teams, including DevOps, face with the addition of FortiWeb Cloud WAF-as-a-Service to its cloud security portfolio.

FortiWeb Cloud WAF-as-a-Service is available for purchase on AWS Marketplace or through Fortinet resellers and leverages the flexibility of AWS by automatically provisioning security protection for customers across multiple AWS Regions.

As part of the Fortinet Security Fabric, FortiWeb Cloud WAF-as-a-Service provides the following benefits:

Accurate and easy to manage Cloud WAF offering: As one of the first machine learning-enabled WAF technology in the industry, customers deploying FortiWeb Cloud WAF-as-a-Service benefit from accuracy of detection and threat prevention, eliminating false positives and ensuring applications keep running. The solution also gives users the ability to perform a comprehensive self-tuning of policies to eliminate the operational overhead of managing a WAF service. FortiWeb Cloud WAF-as-a-Service also provides web application security that is easy to deploy and maintain with minimal configuration and management. The solution allows access to advanced configuration options when needed, removing the usual complexity required when setting up a WAF.

Low total cost of ownership (TCO): As a cloud-native SaaS solution deployed in the same AWS Region as an organisations’ applications, FortiWeb Cloud WAF-as-a-Service doesn’t require maintenance of hardware or software and can reduce outbound data transfer costs significantly. Organisations pay Intra-Region Data Transfer rates for traffic to the service and FortiWeb Cloud WAF-as-a-Service handles the data transfer out costs as part of its subscription. IT teams can leverage the benefits of low latency and intra-region bandwidth rates for traffic between applications and the WAF.

Simplifies compliance requirements: Fortinet delivers FortiWeb Cloud WAF-as-a-Service using a colony of WAF gateways in the same AWS Region as an organisations’ application. This avoids potentially subjecting the application to additional regional regulatory requirements.

“As organisations increasingly build out their business in the cloud and use web applications, they increase their exposure to known and unknown targeted attacks,” says Fortinet products and solutions EVP John Maddison.